Wire Fraud Scam Getting Worse: New Twist

Here is a recent situation which unfortunately impacted one of our clients and worth sharing in the hope that increased awareness will limit the chance of this happening again. This situation is a twist on the traditional wire fraud scam and shows how far the bad guys are willing to go to steal from your clients.

The title company involved on a transaction was breached by bad guys who found out the specifics of a closing coming up at our insured’s real estate agency.  Instead of the bad guys sending a fraudulent email posing as the title agency they called the agent of the buyer to communicate the updated wiring information for the funds needed to close.  The realtor took the telephone call thinking it was the title company and relayed the information to the buyer who in turned wired the closing funds to a fraudulent bank account.  Luckily a majority of the funds were recovered but not after considerable effort and expense. What makes this more concerning than most wire fraud situations is that neither the E&O policy or the Cyber Liability policy were willing to cover the lost funds.

What makes this different?

An important distinction here is that bad guys are learning that real estate agents are not trusting email as a communication tool for wiring instructions and are adapting by making telephone calls, falsely representing the title company. This is a disturbing new development. Please communicate this to your agents.

How did their liability policies respond?

  • Cyber liability policies are triggered when the insured has a situation where a breach is suspected. In this situation, the cyber policy triggered to provide forensic services to determine the origin of the breach which ended up being the title company. At that point, the policy stops covering any liability since the insured’s systems were not compromised. It is worth noting that even if the bad guys sent an email from the title company to the agent, instead of the telephone call, the cyber policy would not have provided cover for the same reason. No Breach No Cover.
  • The E&O policy has a specific exclusion for any liability resulting from wire transfers. These exclusions are becoming more common in E&O policies since carriers are not interested in the exposure related to wire transfer fraud.

What can you do to protect yourself?

  • Do not get involved in any communication of wire instructions to your client. This includes text messages, email and telephone calls.
  • Create a Fund Transfer Pledge with your clients.
  • If you receive communication regarding a closing, be sure to call the related party by dialing a number that is NOT part of the recent communication since it is likely that telephone number goes directly to the bad guys. Call another number you have on file.

* Every coverage situation is different, and the final outcome depends on the unique facts, law and insurance policy involved. The E&O policy contains reductions, limitations, exclusions and termination provisions that impact coverage for a specific event. Full details of the coverage are contained in the policy

Orbitz.com: The Latest Breach Victim

What happened at Orbitz?

Reports from March 20 state that up to 880,000 payment card numbers and related information could’ve been exposed in a data breach. Orbitz, which is owned by Expedia, apparently had two different data disclosures.

In the first disclosure, an attacker may have accessed customers’ personal information for some purchases made on orbitz.com between Jan. 1, 2016, and June 22, 2016, according to news reports.

In the second disclosure, customer data from other travel sites that used Orbitz to book travel between Jan. 1, 2016, and Dec. 22, 2016, may have been compromised, according to published reports. One of the affected sites was the American Express site Amextravel.com.

The related information that could have been exposed includes:
Customer’s full name
Date of Birth
Phone number
Email Address
Physical or billing address
Gender

Fraudulent Closing Instructions scam quadrupled in 2017

At PBI Group we have seen this trend continue over the past 3-years and apparently, it has reached new heights. The average claim of lost client funds is $352,000 according to this recent report.  This is why we recommend that every real estate agency has a cyber liability policy. 

Here is the original post from Beazley Breach Response Services.